Security News

Check Point has evidence that Chinese hackers stole and cloned an NSA Windows hacking tool years before Russian hackers stole and then published the same tool. 2013: NSA's Equation Group developed a set of exploits including one called EpMe that elevates one's privileges on a vulnerable Windows system to system-administrator level, granting full control.

The U.S. National Security Agency has published guidance on how security professionals can secure enterprise networks and sensitive data by adopting a Zero Trust security model. Titled "Embracing a Zero Trust Security Model," the document details the benefits and challenges of the security model, and also provides a series of recommendations on the implementation of Zero Trust within existing networks.

The National Security Agency and Microsoft are advocating for the Zero Trust security model as a more efficient way for enterprises to defend against today's increasingly sophisticated threats. Google implemented zero-trust security concepts following Operation Aurora in 2009 for an internal project that became BeyondCorp. Zero Trust defense for critical networks.

A zero-day exploit said to have been developed by the NSA was cloned and used by Chinese government hackers on Windows systems years before the cyber-weapon was leaked online, it is claimed. Check Point put out a report on Monday digging into Chinese malware it calls Jian, and argues persuasively this particular software nasty was spawned sometime around 2014 from NSA exploit code that eventually leaked online in 2017.

New research has found evidence that a Chinese-affiliated threat group has hijacked a hacking tool previously used by the Equation Group. "Although we don't show any conclusive evidence that there is any connection between China and the ShadowBrokers, we do show conclusive evidence that this Chinese group had in their possession a tool that was made by Equation Group, and not only that they had this tool, but they also repurposed it and used it, probably to attack many targets, including American targets," Yaniv Balmas, head of cyber research with Check Point Software, said.

Chinese state hackers cloned and started using an NSA zero-day exploit almost three years before the Shadow Brokers hacker group publicly leaked it in April 2017. "To our surprise, we found out that this APT31 exploit is in fact a reconstructed version of an Equation Group exploit called 'EpMe'," Check Point said.

A piece of malware linked by U.S. intelligence agencies to hackers believed to be backed by the Russian government remains a mystery to the private sector, which apparently hasn't found a single sample of the malware, and one researcher went as far as suggesting that it may be a false flag set up by the United States itself. In August 2020, the NSA and the FBI released a joint cybersecurity advisory detailing a piece of malware they named Drovorub.

"In 2015, Juniper revealed a security breach in which hackers modified the software the company delivered to its customers," a Wyden statement read. "Researchers subsequently discovered that Juniper had been using an NSA-designed encryption algorithm, which experts had long argued contained a backdoor, and that the hackers modified the key to this backdoor." "The American people have a right to know why NSA did not act after the Juniper hack to protect the government from the serious threat posed by supply chain hacks. A similar supply chain hack was used in the recent SolarWinds breach, in which several government agencies were compromised with malware snuck into the company's software updates," the members wrote.

Several U.S. lawmakers sent a letter to the National Security Agency last week in an effort to find out more about its role in the backdoor discovered in Juniper Networks products back in 2015, as well as the steps taken by the agency following the Juniper incident, and why those steps failed to prevent the recent SolarWinds hack. The VPN issue was related to the use of Dual Elliptic Curve Deterministic Random Bit Generator, a NIST-approved cryptographic algorithm that had been known to contain a backdoor introduced by the NSA. Juniper had made some changes to prevent abuse, but the malicious code enabled the backdoor.

As the incoming Biden administration continues to shake up federal leadership, the National Security Agency announced Friday that Rob Joyce, who is currently serving at the U.S. Embassy in London, was named to lead its cybersecurity division. Joyce will inherit the job from Anne Neuberger, who will leave the post to serve as deputy national security adviser for the National Security Council, putting her in charge of cybersecurity for the entire federal government.